‘Spring4Shell vulnerability heavily exploited, especially in Europe’
The Spring4Shell vulnerability is being abused in large numbers. European companies appear to be favoured among attackers.
In the first four days following Spring4Shell's discovery, one in six of those affected had been targeted by hackers. Check Point concludes this in a recent report. T...
New Spring Java framework vulnerability could be next Log4Shell
The zero day vulnerability allows remote code execution.
A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, according to a report in Bleeping Computer. The vulnerability allows unauthenticated remote code execution on applications.
‘One in three Log4j instances remain unpatched despite critical bug’
A third of all Log4j instances remain unpatched more than four months after the discovery of a highly critical vulnerability.
Qualys research shows that about 30 percent of all applications, servers and systems running Log4j are still prone to Log4Shell, the infamous vulnerability. Remote hacke...
Microsoft finds a new SolarWinds vulnerability during Log4j research
A Log4j investigation led Microsoft to a new vulnerability related to the infamous SolarWinds attack of 2020.
Microsoft states that the search for various Log4j vulnerabilities yielded a welcome byproduct. During a recent investigation, researchers stumbled upon a previously unknown vulnerabilit...
UK NHS warns of Log4j vulnerability in VMware Horizon
The UK's National Health Service (NHS) has issued a warning stating that hackers are actively exploiting Log4j vulnerabilities in unpatched VMware Horizon servers.
Log4j vulnerabilities are anything but a concern of the past. The problem continues to claim victims. The UK NHS recently issued a...
Security researchers find new Log4Shell in H2 database software
Security organization JFrog has found a vulnerability in H2. The problem is similar to Log4Shell, the infamous threat in Log4j.
H2 consoles on servers accessible from the outside can be abused for remote code execution (RCE). Multiple lines of code in H2 send URLs to a 'javax.naming.Context.look...
Log4j 2.15 is not foolproof; Apache publishes second emergency patch
The emergency patch for the infamous vulnerability in Java library Log4j is not foolproof. Its developer, Apache Software Foundation, publishes a new version (2.16) in hopes of eliminating the vulnerability once and for all.
A severe vulnerability in an extremely popular Java library puts the gl...
Log4j update: 60 variations of Log4Shell, hundreds of thousands of attacks
The severity of the vulnerability in Log4j is anything but theoretical. Cybercriminals are scanning ports worldwide to find entry points for abuse. Security researchers observed hundreds of thousands of attacks.
In the past few days, Check Point Research recognized 470,000 network scan attempts....
Log4Shell: what is Log4j, who does it affect and how do you patch it?
A critical vulnerability in a widely used open-source library for Java puts the global IT landscape on alert. The likelihood that your environment is affected has rarely been more significant. Solving starts with understanding. As such, we explore the problem with the Log4j vulnerability known as L...